Google and Amazon have been fined in France for the illegitimate use of cookies to monitor the web activity of their users. The National Commission for Information Technology and Liberties (also known by the acronym CNIL), an independent body responsible for enforcing privacy laws in France, has announced that both companies will face fines of 100 and 35 million euros, respectively, for serious violations in the management of this type of web elements.

According to the statements issued by the CNIL, both Google and Amazon store tracking cookies on the computers of their visitors just by visiting the website. This storage was done in an unannounced way.

In Google’s case, a note with a reminder about privacy appeared with two buttons (remember later and access now), but the user did not receive any information about the cookies that had already been installed. Amazon France, on the other hand, displayed a section that contained “general and approximate information” on the site’s use of cookies, but the CNIL considered that “the user could not understand” that these cookies were for advertising purposes. Furthermore, “the banner did not explain to the user that he could refuse them and how to do so”.

These violations have been judged serious enough to require Amazon to pay 35 million euros. Google’s fine amounts to 100 million, but will be split in two: Google LLC will have to pay 60 million, while Google Ireland Limited will pay the remaining 40 million. This amount is due not only to the infringement itself, but to the fact that the companies sanctioned obtained “significant benefits” derived from the income generated indirectly by the advertising.

Both Google and Amazon will now have to modify the information they provide to their visitors in France within three months. If they do not comply with this requirement, they face an additional penalty of 100,000 euros for each day of delay in implementation. This is also not Google’s first brush with the CNIL, which already sanctioned the search engine in January 2019 for violating the GDPR by obfuscating information on data processing, splitting it into multiple documents to make it difficult to access and understand.


Please enter your comment!
Please enter your name here